- Abstract: Personal identification numbers (PINs) and grid patterns have been used for user authentication, such as for unlocking smartphones. However, they carry the risk that attackers will learn the PINs and patterns by shoulder surfing. We propose a secure authentication method called SheetKey that requires complicated and quick touch inputs that can only be accomplished with a sheet that has a pattern printed with conductive ink. Using SheetKey, users can input a complicated combination of touch events within 0.3 s by just swiping the pad of their finger on the sheet. We investigated the requirements for producing SheetKeys, e.g., the optimal disc diameter for generating touch events. In a user study, 13 participants passed through authentication by using SheetKeys at success rates of 78-87%, while attackers using manual inputs had success rates of 0-27%. We also discuss the degree of complexity based on entropy and further improvements, e.g., entering passwords on alphabetical keyboards.
- Keywords: Mobile authentication, touchscreens, conductive ink, capacitive touch panel
- Supplemental Video: zip